mail quarantine Reference user portal - Blocking clients

Question

Hello, 
 We allow our users to release their quarantined mails via portal through (Email > Quarantine settings > Release link settings) which is WAN link. We are getting some random failed logins from a specified source, I know (Administration > Admin and user settings > Login security ) blocks the source ip after failed login attempts for a set period but, Is there a way to block that source indefinitely ?

Raphael Alganes · Accepted Answer

Hello, 
 You may try to follow configurations from these resources: 
 Sophos Firewall: Daily Admin Checklist - under item number 5. Review Admin login reports and authentication log viewer logs to see and validate (too many) failed login attempts and take further action. 
 https://support.sophos.com/support/s/article/KBA-000009932?language=en_US - Sophos Firewall: Multiple failed login (brute force) attempts for WAN-facing portals on the firewall 
 Regards,

mail quarantine Reference user portal - Blocking clients

Top Replies